Of course. It works. With exactly the fingerprint copy distributed in the Datenschleuder.

I wonder why this is not in use in about every company which is concerned about security and especially password security...anyone knows why? It can't be the costs, can it be? For a 5 people company it's expensive, but for anything more than 100 people the additional costs are next to nothing, right?

It is expensive and not so simple. Is every one of your applications LDAP aware? If not, you have to write custom code that fills in every login mask. The largest problem however is setting up the infrastructure and keep it running - you have to issue hardware tokens, renew them, usually build a PKI around it (which is either very expensive, doesnt't work as well as advertised or doesn't scale. Which will be a problem especially in orgs with >> 100 people